Can I log user out after session has reached maxlife

Question

I have a piece of code below where session variables can last for 12 hours:

ini_set('session.gc_maxlifetime',12*60*60);
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
ini_set('session.cookie_lifetime', '0');

But what my question is that is it possible to log the user out once 12 hours has passed and the session variables have expired? In other words I have a teacherlogout.php page, after 12 hours has passed can it redirect the user to the logout page once the user has navigated to another page or refreshed the page after 12 hours?

UPDATE:

Could this work:

if ((isset($username)) && (isset($userid))){

...//WHOLE CODE

}else{

header( 'Location: teacherlogout.php' ) ;
}

I thought this happened automatically when a session expires? — Joel Murphy, Sep 26 '12 at 17:13
For me if it is passed 12 hours and I refresh the page, then it shows the same page but it shows notices for unefined variables. What I want is that if 12 hours have passed, then navigate to teacherlogout.php (either automatically or when user next refrsh page) so that it logs the user out and they won't see these notices — user1681039, Sep 26 '12 at 17:17
Hmm, do you check for this in your code? Something like: if(isset($_session['LoggedIn'])){ showPage(); }else{ showTeacherLogin(); } — Joel Murphy, Sep 26 '12 at 17:21
Also, whilst testing your code, don't actually wait 12 hours, set the maxtime to something like 30 seconds, or a minute... — Joel Murphy, Sep 26 '12 at 17:23
if you have set $username and $userid with a session variable, then yes it should. Oh btw, $_SESSION['userid'] should be enough of a check imo. Be sure to test your code with sample values. — Joel Murphy, Sep 26 '12 at 17:38
bte to get a session life for only 1 minute is it like this:`ini_set('session.gc_maxlifetime',60);` ? or is it suppose to be `ini_set('session.gc_maxlifetime',0*0*60); ` — user1681039, Sep 26 '12 at 17:39

score 0 · Answer 1 · answered Sep 26 '12 at 17:37

I'd implement some polling on the client. Pseudo code:

PHP:

// hasSession.php
echo (isset($_SESSION['user_id'])); // bool

JavaScript:

// Poll server
function checkSession() {

    // Assuming the function passes along the truthy or falsy response
    if (ajaxCallToHasSessionPHPResponse()) {
        setTimeout(checkSession, 10000); // Check again in 10 seconds
    } else {
        window.location = '/logout.php';
    }
}
checkSession();

score 0 · Accepted Answer · edited May 23 '17 at 12:12

I wouldnt recommend checking the state of variables, as in cases where register globals is set to true or undefined variables are ignored by the level of strictness, could leave you code open to holes that are very difficult to detect.

The accepted answer to this question How do check if a PHP session is empty?

Is the most typical method to check a visitors state. There are however libraries dedicated to making this kind of system structured and efficient.

Have a read through this: http://www.phpeveryday.com/articles/Zend-Framework-Login-Creating-Authentication-P566.html

What it describes is a way of using the Zend libraries to determine if the current visitor has an identity, in this case a user who is logged in with a session id against a user name. Even if you don't use a library to facilitate this, you can use the same concepts to develop your own method of checking visitor identity.

Can I log user out after session has reached maxlife

2 Answers2